Mitigating Poodle SSLv3 vulnerability

A new vulnerability has been announced in the archaic SSLv3 protocol. You can protect your server by disabling SSLv3. Keep in mind that, according to rumors, Windows XP with IE6 still uses it, so disabling SSLv3 basically means cutting off old WinXP users from your services.

At the bottom of the page you can also find tips for disabling SSLv3 in Firefox and Chrome.


Disabling SSLv3


Add/modify line in /etc/httpd/conf.d/ssl.conf so it looks like this:

SSLProtocol all -SSLv2 -SSLv3

restart apache:

service httpd restart


Add to file /etc/postfix/


restart postfix

service postfix restart

dovecot before v2.1

to get dovecot version use:

[root@vps dovecot]# dovecot --version

File /etc/dovecot/conf.d/10-ssl.conf
add/modify line

ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3

dovecot v2.1 and newer

File /etc/dovecot/dovecot.conf, add/modify line:

ssl_protocols = !SSLv2 !SSLv3

restart dovecot:

service dovecot restart
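
To check from the outside that a server really refuses SSLv3 after these changes, the following added example (not part of the original post) sends a bare SSLv3 ClientHello and classifies the reply. The function names are hypothetical, and it assumes an implicit-TLS port such as 443 or 993; STARTTLS ports need the plaintext upgrade first, which is not handled.

```python
import os
import socket
import struct
import sys

SSL3 = b"\x03\x00"  # protocol version 3.0 on the wire
# CBC and RC4 suites with RSA key exchange, as offered in the SSLv3 era.
SUITES = b"\x00\x2f\x00\x35\x00\x0a\x00\x05"

def build_sslv3_client_hello():
    """Return one SSLv3 record carrying a ClientHello (no extensions)."""
    body = (SSL3 + os.urandom(32) + b"\x00"            # version, random, empty session id
            + struct.pack("!H", len(SUITES)) + SUITES  # cipher suite list
            + b"\x01\x00")                             # null compression only
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type + 24-bit length
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify_reply(data):
    """Map the first bytes of the server's reply to a verdict."""
    # Handshake record whose ServerHello selected version 3.0.
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x02 and data[9:11] == SSL3:
        return "SSLv3 ACCEPTED"
    # Alert record: byte 6 is the description (40 handshake_failure, 70 protocol_version).
    if len(data) >= 7 and data[0] == 0x15:
        return "rejected (alert %d)" % data[6]
    if not data:
        return "rejected (connection closed)"
    return "inconclusive"

def probe(host, port, timeout=5.0):
    """Connect to host:port, offer SSLv3 only, and report how the server reacts."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sslv3_client_hello())
        try:
            return classify_reply(s.recv(4096))
        except ConnectionResetError:
            return classify_reply(b"")
        except socket.timeout:
            return "inconclusive"

if __name__ == "__main__":
    # Usage: python3 <this file> <host> <port>, against a server you administer.
    host, port = sys.argv[1], int(sys.argv[2])
    print(host, port, probe(host, port))
```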



In Firefox: in the URL bar, type about:config, search for security.tls.version.min and set the value to 1.



In Chrome: unlike in FF, you can't set it permanently somewhere in the configuration, so you have to start Chrome every time with the parameter --ssl-version-min=tls1
